Cheuk Ting Ho
Developer advocate / Data Scientist - support open-source and building the community.
Why should you use Scorecard?
Grab this slides: slides.com/cheukting_ho/openssf-scorecard
Who is a maintainer of an Open Source project?
Who thinks they have good security practice of their project?
We are here to help
- Part of the Linux Foundation
- Focus on Open Source Security
- Not for Profit
- Security newsletters and blog
- Free courses:
-
OpenSSF Day (OSS EU)
- 18th Spet Bilbao
- Created and maintained by the OpenSSF community
- help open source maintainers
- improve their security best practices
- help open source consumers
- judge whether their dependencies are safe
- automated tool - run checks
- Scorecard GitHub Action
- Scorecard REST API
- Scorecard Badges
- Is the project free of checked-in binaries?
- Does the project use Branch Protection ?
- Does the project run tests in CI?
- Does the project practice code review before code is merged?
- Does the project use tools to help update its dependencies?
- Is the project at least 90 days old, and maintained?
Full list: github.com/ossf/scorecard#scorecard-checks
Checks includes
Talk to me if you wanna know more
(I got stickers 🌈)
Grab this slides: slides.com/cheukting_ho/openssf-scorecard
Why you should use OpenSSF Scorecard?
By Cheuk Ting Ho
